Solutions
Product
Services
Resources
Company
Developer
hello@okaythis.com

Kverndalsgata 8,
3717 Skien,
Norway

Solutions
Embedded Finance Providers and BaaS
Banks
BtoC and BtoB Fintechs
Corporate Sector
Okay Passwordless
Products
Okay KYC
Okay PSD2 SCA
Okay ACS
Okay IAM
Services
Advisory Services
Risk and Security Audits
Integration and Professional Services
Application Management Services
Resources
Blog
Glossary
Patents
PSD2/3 Resources
Company
About
Get In Touch
Partners
Developers
iOS SDK Guide
React Native Module
Android SDK Guide
Server Documentation
API Documentation
©2025 Okay. All rights reserved
Privacy & Policy
Terms & Condition
Back to Blog

PDS2 SCA Compliance Checklist

Published: 23.12.2019

Updated: 23.12.2019

Author: Ingrid Nes

One of the aims of the Revised Payment Service Directive, more commonly known as PSD2, is to better protect consumers when they pay online. The requirement for a strong customer authentication (SCA) in a majority of these electronic payments is a key element of the regulation. 

The Requirements of SCA

To increase the security of transactions, SCA has a requirement for multi-factor authentication. SCA requires that transactions are authenticated with at least two of these three factors:

  • Possession: Something the user has, like a token
  • Knowledge: Something the user knows, like a pin or a password
  • Inherence: Something the user is. Most commonly refers to biometrics like fingerprints.

With Okay, you can add an additional layer of security without having to write or manage the security requirements needed for a secure and trusted transaction. Check out our previous post where we cover just how Okay provides 2FA support.

2FA and the EBA

Beyond what is commonly called second factor authentication, the EBA also made a few requirements about security itself, around the transaction, and around its authentication process.

In June 2019, the European Banking Authority (EBA) published an opinion on how the elements of SCA should be understood under PSD2. When evaluating whether or not your service is SCA compliant under PSD2, it is important to make sure that it is in line with EBA’s opinion. 

Sign Up for Our Newsletter

Unlock updates, insights, and exclusive content delivered to you.

Is Your App Compliant?

With Okay’s checklist, you have an easy-to-use tool to check if your app is ready for PSD2 SCA compliance. In addition to the authentication factors, the checklist includes points on the secure environment, malware protection and documentation of the solution.

Download the checklist, and check if you are ready for SCA under PSD2!

Related Articles

From PSD2 to PSD3… to PSD4? Tracking the Next Wave of Regulatory Updates for Europe

Regulation and compliance
22.04.2025

PSD2 SCA Compliance: Preparing for the Deadline

Regulation and compliance
12.02.2019

Why Should You Care? PSD2 Explained

Regulation and compliance
15.08.2019